CVE-2013-3893
Description
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
81.212
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cumulative Security Update for Internet Explorer for Windows XP (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows Server 2008 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows Vista x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows Server 2008 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows 7 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 9 in Windows Server 2008 R2 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows 7 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows 8 (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows 7 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows Server 2008 R2 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows 8 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 10 in Windows Server 2012 x64 Edition (KB2879017) | Windows |
| Cumulative Security Update for Internet Explorer 11 for Windows 8.1 (KB2884101) | Windows |
| Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2884101) | Windows |
| Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2884101) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-14428 | Cumulative Security Update for Internet Explorer for Windows XP (KB2879017) |
| PATCH-14429 | Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2879017) |
| PATCH-14430 | Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB2879017) |
| PATCH-14431 | Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2879017) |
| PATCH-14432 | Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2879017) |
| PATCH-14433 | Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2879017) |
| PATCH-14434 | Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2879017) |
| PATCH-14435 | Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2879017) |
| PATCH-14436 | Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2879017) |
| PATCH-14437 | Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2879017) |
| PATCH-14438 | Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2879017) |
| PATCH-14439 | Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2879017) |
| PATCH-14440 | Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2879017) |
| PATCH-14441 | Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2879017) |
| PATCH-14442 | Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2879017) |
| PATCH-14443 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2879017) |
| PATCH-14444 | Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2879017) |
| PATCH-14445 | Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2879017) |
| PATCH-14446 | Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2879017) |
| PATCH-14447 | Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2879017) |
| PATCH-14448 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2879017) |
| PATCH-14449 | Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2879017) |
| PATCH-14450 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2879017) |
| PATCH-14451 | Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2879017) |
| PATCH-14453 | Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2879017) |
| PATCH-14454 | Cumulative Security Update for Internet Explorer 9 in Windows Vista x64 Edition (KB2879017) |
| PATCH-14455 | Cumulative Security Update for Internet Explorer 9 in Windows Server 2008 x64 Edition (KB2879017) |
| PATCH-14456 | Cumulative Security Update for Internet Explorer 9 in Windows 7 x64 Edition (KB2879017) |
| PATCH-14458 | Cumulative Security Update for Internet Explorer 10 in Windows 7 (KB2879017) |
| PATCH-14459 | Cumulative Security Update for Internet Explorer 10 in Windows 8 (KB2879017) |
| PATCH-14461 | Cumulative Security Update for Internet Explorer 10 in Windows Server 2008 R2 x64 Edition (KB2879017) |
| PATCH-14462 | Cumulative Security Update for Internet Explorer 10 in Windows 8 x64 Edition (KB2879017) |
| PATCH-14463 | Cumulative Security Update for Internet Explorer 10 in Windows Server 2012 x64 Edition (KB2879017) |
| PATCH-14631 | Cumulative Security Update for Internet Explorer 11 for Windows 8.1 (KB2884101) |
| PATCH-14664 | Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2884101) |
| PATCH-14665 | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2884101) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234